Jump to content
Adam_Kearn

Connect to Server Page - Support HTTPS by default.

Recommended Posts

Adam_Kearn

(The first part talks about my current setup  skip to TLDR:  at the bottom to see my feature request)

 

I have resently setup Cloudflare SSL for my Emby server.
When trying to connect to my server using the details in the below screen shot below:

image.png.18db7b95683d30f904f316fcca2a5271.png

And looking in javascript console using dev tools I found that it was making HTTP requests to my server  (even with always use HTTPS enabled)

image.png.dc9c3cc180d1045b7eea0090251ee52e.png

 

I assumed these requests would have changed to HTTPS://  with "Always use HTTPS" turned on in the Cloudflare portal.

Emby will only connect to my server if I manually append HTTPS://  to the start of my domain name.    https://emby.domain.net
I want to make connecting to my server as easy as possable.

 

================================

TL;DR

My feature request is to make emby check for HTTPS://  and HTTP:// when you provide a host so you don't have to manually put HTTPS:// in front of your domain name on the "Connect to Server" screen.  (screenshot above).  and just have a checkbox to force HTTP

Also Personally I think the emby should also attempt to use 443, 80, 8920, 8096  by default.   Then you only need to provide a port if you run you emby on something else.

 

Let me know if I need to explain anything in more detail as my brain can't think at the moment.   Its 3am,  I am going bed.

 

Edited by Adam_Kearn
Uploaded image twice by accident.

Share this post


Link to post
Share on other sites
Luke

Hi, if you're going to manually enter the address, then you do need to be explicit about it and specify https. But even when doing that you should still be getting a redirect to https if you've set that up at your reverse proxy level. Please let us know if this helps. Thanks.

Share this post


Link to post
Share on other sites
pir8radio

Make sure the domain name is orange clouded "image.png.349cc55ad38b9e81b5b04368afbac389.png"

Also Turn on these options under SSL/TLS settings - Edge Certificates, are these options on?   (shown below both are OFF)

image.thumb.png.e177a0c52a25f0c6e6789124afe95f0c.png

 

Edited by pir8radio

Share this post


Link to post
Share on other sites
Adam_Kearn

Thanks for the replies guys.
I had "Always use HTTPS" enabled before.  But I didn't have HSTS setup - since then I have set this up now.

It's just when I try and access my server in the emby theatre app using just  emby.mydomain.net  I see it not redirect to the https:// protocol (even though it's enabled on Cloudflare).
It seems to stay on the HTTP URL.  Because of this when I try and log in it will fail to authenticate.
You can see this in the dev tools on emby theatre as shown in the screenshot below:

image.png.15a0aecc3677a000eaa001991d244cd4.png


But if I manually add https:// to the host url it will work

image.png.3153b34a88118d5990bf3b4d87415c12.png

 

 

I would like to propose possibly allowing redirect to https:// by default in "Select Server" page?

Also because Cloudflare doesn't support every single port, I thought it might be worth also changing the default port on the "Select Server" screen to try both embys HTTP/HTTPS port (8096/8920) and also 80/443 and then just have the box which you enter the port an optinal feild.
Then people who do have HTTPS setup don't have to change the port since it always defaults the emby HTTP port.

 

Let me know if you need to to go more indepth or explain something more.   I am not verry good when it comes to explaining stuff...

Edited by Adam_Kearn

Share this post


Link to post
Share on other sites
Luke

If you want that type of redirecting to happen then you need to set it up at the reverse proxy level, if you are using a reverse proxy.

But keep in mind, even without that, this will only be for initial connection and then the app will switch to the remote address displayed on your server dashboard (if it is different).

In other words, the flow is like this: user enters connection info -> that connection info is initially used -> then after successful sign in the app gets the same address info that is displayed on your server dashboard, and from that point on, it will use that address.

Share this post


Link to post
Share on other sites
Adam_Kearn

 

16 minutes ago, Luke said:

If you want that type of redirecting to happen then you need to set it up at the reverse proxy level, if you are using a reverse proxy.

But keep in mind, even without that, this will only be for initial connection and then the app will switch to the remote address displayed on your server dashboard (if it is different).

In other words, the flow is like this: user enters connection info -> that connection info is initially used -> then after successful sign in the app gets the same address info that is displayed on your server dashboard, and from that point on, it will use that address.

But that means the credentials will be going over HTTP which is unencrypted right?

Share this post


Link to post
Share on other sites
Luke

That's true yes, so ideally you should explicitly enter the https when configuring the address.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...